CVE-2015-7179Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-805Buffer Access with Incorrect Length Value4 documents4 sources
Severity
7.5HIGHNVD
EPSS
2.1%
top 15.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedSep 24
Latest updateMay 17

Description

The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmozilla/firefox40.0.3+7

🔴Vulnerability Details

1
GHSA
GHSA-68h8-2w7q-pjvq: The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 412022-05-17

📋Vendor Advisories

1
Red Hat
Mozilla: Memory safety errors in libGLES in the ANGLE graphics library (MFSA 2015-113)2015-09-22

💬Community

1
Bugzilla
CVE-2015-7178 CVE-2015-7179 Mozilla: Memory safety errors in libGLES in the ANGLE graphics library (MFSA 2015-113)2015-09-22